CN115622693A - Secret sharing-based body area network key negotiation method and system - Google Patents


Info

Publication number
CN115622693A
Authority
CN
China
Prior art keywords
sender
polynomial
key
receiver
characteristic
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211099981.0A
Other languages
Chinese (zh)
Other versions
CN115622693B (en)
Inventor
蔡斌
盛伟洪
胡春强
夏晓峰
胡海波
桑军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University
Original Assignee
Chongqing University
Events
Application filed by Chongqing University
Priority to CN202211099981.0A
Publication of CN115622693A
Application granted
Publication of CN115622693B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes


Abstract

The invention provides a secret sharing-based body area network key negotiation method and system. The method comprises the following steps: the sender maps the sender features in the sender feature sequence into a bloom filter; the sender constructs a secret fragment sequence and stores it in a hash-table-like data structure; the receiver retrieves from the receiver feature sequence an agreed threshold number of receiver features that are present in the bloom filter and records them as matching values; the receiver obtains the polynomial values corresponding to the matching values from the data structure and, based on the matching values and their polynomial values, reconstructs the polynomial to solve the key to be negotiated; and the sender verifies the solved key to be negotiated. It is difficult for an attacker to estimate the original feature values through the bloom filter, and also difficult to deduce the sender's original feature values from the polynomial values in the data structure, so security is improved; the dependence on the accuracy of the feature value generation process is removed, since only most of the feature values need to be usable, so robustness is improved.

Description

Secret sharing-based body area network key negotiation method and system
Technical Field
The invention relates to the technical field of information security, in particular to a secret sharing-based body area network key negotiation method and system.
Background
Electronic health (E-health) is the all-round application of communication technology in the field of healthcare, covering prevention, diagnosis, treatment, recovery and the like. It can alleviate the uneven distribution of medical resources and the lack of openness and transparency of medical information, and integrates dispersed medical resources to a certain extent. The main carriers of the real-time monitoring of a patient's health condition in E-health are various sensors. They monitor the health indicators of the patient's body in real time and reflect the patient's health status. With the rapid development of embedded technology, more and more sensors are integrated in wearable devices, so that the wearable devices can provide personalized and customized health and medical services.
Various devices communicate on and around the human body through wireless networks, forming a Body Area Network (BAN). BANs are essentially a special kind of wireless sensor network, differing in that their constituent nodes have lower performance and less endurance. In a BAN, end-to-end transmission of the data collected by sensors can be achieved, and because of the weak computing power of such devices and the associated medical requirements, the BAN must also be able to share data with remote facilities. This type of health data contains biometric information that identifies the user, belongs to the user's privacy, and is highly sensitive. It therefore places higher demands on the security of the communication process than a conventional sensor network.
Physiological signals of the human body, such as heartbeat and blood pressure, have a certain uniqueness and distinguishability. Such data can be measured anywhere on the body and is a resource that can be used effectively for key agreement, which has led to extensive research. One current research direction is how to use this type of physiological signal to assist key agreement between smart sensors.
Because the physiological signals are similar but not identical (a physiological signal over a certain time period is converted into a discrete sequence of feature values; for feature values of physiological data collected from two parts of the human body, the values at most positions of the two sequences are the same), current research focuses on how to utilize the identical data and eliminate the influence of the differing data. Researchers have proposed using a bloom filter: the sender maps its feature values into the bloom filter, and the receiver then looks up its own feature values in the bloom filter. Thus, without either party exposing its features, the receiver learns which feature values of the sender and receiver are the same; the receiver then concatenates the identical feature values, randomizes them with a hash function, and sends the result together with the index set of the matched features to the sender, who verifies the key. However, this approach makes the key depend on the physiological data, which presents a security risk.
Furthermore, the key agreement technique described above ignores the problem of inconsistency between feature sequences. For example, when Inter-Pulse-Interval (IPI) data is converted from the original analog signal into a digital signal there may be an inconsistency: ideally the two feature sequences should be s1 = {101, 010, 010, 111, 110} and s2 = {101, 011, 010, 111, 110}, where most values are the same and the value at one position differs. Because of errors in the conversion process, however, s2 may become {101, 000, 011, 010, 111, 110}, with an extra value inserted in the middle, so that the indexes of the originally identical feature values no longer line up. This can result in poor performance of the existing schemes that rely on this consistency between feature values.
Disclosure of Invention
The invention aims to at least solve the problems of the security risk in the relation between the key and the physiological data and of the consistency between feature values, and provides a secret sharing-based body area network key negotiation method and system.
To achieve the above object, a first aspect of the present invention provides a secret sharing-based body area network key agreement method, comprising: the sender maps the sender features in the sender feature sequence into a bloom filter; the sender constructs a secret fragment sequence and stores it in a hash-table-like data structure, where the secret fragment sequence comprises the sender features and the polynomial value corresponding to each sender feature, the polynomial values are obtained by polynomial calculation, and the polynomial is established, following the polynomial in Shamir secret sharing, from the key to be negotiated and a predetermined threshold; the receiver retrieves from the receiver feature sequence an agreed threshold number of receiver features that are present in the bloom filter, and records them as matching values; the receiver obtains the polynomial values corresponding to the matching values from the data structure and, based on the matching values and their polynomial values, reconstructs the polynomial to solve the key to be negotiated; and the sender verifies the key to be negotiated solved by the receiver, and if the verification passes, key negotiation is successful.
To achieve the above object, according to the same inventive concept, a second aspect of the present invention provides a sender apparatus, comprising: a bloom filter mapping module for mapping the sender features in the sender feature sequence into the bloom filter; a data structure establishing module for constructing a secret fragment sequence and storing it in a hash-table-like data structure, where the secret fragment sequence comprises the sender features and the polynomial value corresponding to each sender feature, the polynomial values are obtained by polynomial calculation, and the polynomial is established, following the polynomial in Shamir secret sharing, from the key to be negotiated and a predetermined threshold; a sending module for sending the bloom filter and the data structure to the receiver; a receiving module for receiving encrypted information sent by the receiver and encrypted with the key to be negotiated that the receiver solved, where the receiver solves the key to be negotiated as follows: the receiver retrieves from the receiver feature sequence an agreed threshold number of receiver features that are present in the bloom filter and records them as matching values, then obtains the polynomial values corresponding to the matching values from the data structure and, based on the matching values and their polynomial values, reconstructs the polynomial to solve the key to be negotiated; and a verification module for verifying the key to be negotiated solved by the receiver, where if the verification passes, key negotiation is successful.
To achieve the above object, according to the same inventive concept, a third aspect of the present invention provides a receiver apparatus, comprising: a receiving module for receiving the bloom filter and the data structure sent by the sender, where all sender features in the sender feature sequence are mapped into the bloom filter, and the data structure is established as follows: the sender constructs a secret fragment sequence and stores it in a hash-table-like data structure, where the secret fragment sequence comprises the sender features and the polynomial value corresponding to each sender feature, the polynomial values are obtained by polynomial calculation, and the polynomial is established, following the polynomial in Shamir secret sharing, from the key to be negotiated and a predetermined threshold; a matching value searching module for retrieving from the receiver feature sequence an agreed threshold number of receiver features that are present in the bloom filter and recording them as matching values; a key solving module for obtaining the polynomial values corresponding to the matching values from the data structure and reconstructing the polynomial, based on the matching values and their polynomial values, to solve the key to be negotiated; and a sending module for sending to the sender encrypted information encrypted with the solved key to be negotiated.
In order to achieve the above object, according to the same inventive concept, a fourth aspect of the present invention provides a secret sharing-based key agreement system of a body area network, which includes a sender device provided in the second aspect of the present invention and a receiver device provided in the first aspect of the present invention, and the sender device and the receiver device perform key agreement according to the method provided in the first aspect of the present invention.
The application has the following beneficial technical effects:
High security: only one plaintext data exchange occurs, in which the sender sends the bloom filter and the data structure to the receiver. The sender features are hidden by the bloom filter, and the sender's key to be negotiated is hidden in the polynomial values and is unrelated to the sender features. A hash function set of high security strength and a larger bloom filter are used, which effectively reduces the false positives of the bloom filter; it is difficult for an attacker to estimate the original feature values through the bloom filter, and also difficult to deduce the original sender feature values from the polynomial values stored in the data structure HT. The larger the value space of the feature values, the harder this deduction becomes, so security is greatly improved;
Good robustness: because a hash-table-like data structure is used, the method no longer depends on the accuracy of the feature value generation process; even if errors occur while converting the physiological data from analog to digital signals, the method performs well as long as most of the feature values are usable;
Extensibility: all parameters of the application can be adjusted adaptively. Using a larger feature value space provides higher security strength; keys of different lengths can be protected by adjusting the Mersenne prime used in the polynomial calculation; and adjusting the agreed threshold trades security against usability;
Plug and play: key negotiation can be carried out as long as the smart sensors support the key negotiation scheme provided here, without any key or other secret information being pre-installed in the smart sensor.
Drawings
Fig. 1 is a schematic flowchart of a secret sharing-based key agreement method for a body area network in embodiment 1 of the present invention;
fig. 2 is a schematic diagram of a data structure in embodiment 1 of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
In the description of the present invention, it is to be understood that the terms "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used merely for convenience of description and for simplicity of description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed in a particular orientation, and be operated, and thus, are not to be construed as limiting the present invention.
In the description of the present invention, unless otherwise specified and limited, it is to be noted that the terms "mounted," "connected," and "connected" are to be interpreted broadly, and may be, for example, a mechanical connection or an electrical connection, a communication between two elements, a direct connection, or an indirect connection via an intermediate medium, and specific meanings of the terms may be understood by those skilled in the art according to specific situations.
Example 1
This embodiment discloses a secret sharing-based body area network key negotiation method, the flow of which is shown schematically in fig. 1; the method comprises the following steps:
the following steps are performed, in parallel or in series, by the sender:
step A1, the sender constructs a secret fragment sequence and stores it in a hash-table-like data structure. The secret fragment sequence comprises the sender features and the polynomial value corresponding to each sender feature; the polynomial values are obtained by polynomial calculation, and the polynomial is established, following the polynomial in Shamir secret sharing, from the key to be negotiated and the agreed threshold. The step specifically comprises:
step A11, establishing a polynomial as:
Figure BDA0003839809980000071
where K represents the sender's key to be negotiated, t represents the agreed threshold, and x represents the feature variable substituted into the polynomial calculation;
Figure BDA0003839809980000072
represents the first sender feature;
Figure BDA0003839809980000073
represents the second sender feature;
Figure BDA0003839809980000074
represents the (t-1)th sender feature. Let the sender feature sequence be
Figure BDA0003839809980000075
n denotes the number of sender features in the sender feature sequence,
Figure BDA0003839809980000076
represents the nth sender feature.
Figure BDA0003839809980000077
may be the first t-1 sender features of the sender feature sequence, or may be t-1 sender features selected at random from the sender feature sequence.
Preferably, the polynomial value f(x) is constrained to a finite field, for example by reducing modulo a prime after each calculation. The prime should be greater than the length of the key to be negotiated; for example, when the key to be negotiated is 128 bits long, the prime is taken to be the thirteenth Mersenne prime.
Step A12, compute the polynomial values corresponding to all sender features by substituting each sender feature for x in the polynomial.
The first sender feature
Figure BDA0003839809980000081
has the polynomial value:
Figure BDA0003839809980000082
and the nth sender feature
Figure BDA0003839809980000083
has the polynomial value:
Figure BDA0003839809980000084
Step A13, construct the secret fragment sequence
Figure BDA0003839809980000085
where
Figure BDA0003839809980000086
represents the polynomial value corresponding to
Figure BDA0003839809980000087
and
Figure BDA0003839809980000088
represents the polynomial value corresponding to
Figure BDA0003839809980000089
and n represents the number of sender features in the sender feature sequence.
Step A14, define a hash-table-like data structure HT whose address space is m. To have sufficiently large storage space and to improve security, the number of buckets in the data structure is preferably at least 10 times n. If n is 30, the address space of HT can be set so that m ∈ [0, 511], as shown in FIG. 2.
Step A15, select a hash function h, and store the polynomial value corresponding to the ith sender feature in the secret fragment sequence,
Figure BDA00038398099800000810
in the data structure at the address
Figure BDA00038398099800000811
where i = 1, 2, …, n, and
Figure BDA00038398099800000812
denotes the function value obtained by applying the hash function h to the ith sender feature, and % denotes the modulo operation. Specifically, the secret fragment sequence is traversed in order, and each
Figure BDA00038398099800000813
is placed sequentially at the HT address
Figure BDA00038398099800000814
Sequential placement means that a value placed earlier sits in front of a value placed later in the same bucket. The hash function h is preferably, but not limited to, SHA-256 or stronger.
Step A2, the sender maps the sender features in the sender feature sequence into a bloom filter. To improve security, a hash function set of high security strength and a larger bloom filter are used. Preferably, the hash function set is agreed with the receiver, and the sender features in the sender feature sequence are mapped into the bloom filter one by one using the hash function set, specifically:
Let the sender feature sequence be
Figure BDA00038398099800000815
n denotes the number of sender features in the sender feature sequence,
Figure BDA0003839809980000091
represents the first sender feature;
Figure BDA0003839809980000092
represents the second sender feature;
Figure BDA0003839809980000093
represents the nth sender feature.
Let the agreed hash function set be H = {h_1, h_2, …, h_q}, where q represents the number of hash functions in the set. q may be set according to the number of sender features in the sender feature sequence and the size of the bloom filter to ensure security, and is generally the rounded result of dividing the size of the bloom filter by the number of sender features; for example, when the number of sender features is n = 30 and the size of the bloom filter BF is 433, q is an integer slightly smaller than 433/30, such as 10. The hash functions in the set are preferably, but not limited to, SHA-256 or stronger.
The sender features in the sender feature sequence are mapped into the bloom filter one by one using the hash function set, that is, each sender feature is mapped into the bloom filter through every hash function of the set; for example, when q is 10, each sender feature value is hashed 10 times by the 10 different hash functions, and all the computed values are mapped into the bloom filter.
As shown in fig. 1, the sender sends both a bloom filter BF and a data structure HT to the receiver after obtaining them.
As shown in fig. 1, the receiving side performs the following steps:
and step B1, the receiver retrieves the receiver characteristics which exist in the bloom filter while the appointed threshold number is in the receiver characteristic sequence, and records the receiver characteristics as a matching value.
Specifically, let the recipient's characteristic sequence be F r And according to the appointed hash function set H, the receiver searches whether the receiver characteristic appears in the bloom filter BF, and if the receiver characteristic appears in the bloom filter BF, the receiver characteristic is recorded as a matching value. It should be noted that a receiver characteristic value is considered to be present in the bloom filter BF only when the function values of all hash functions in the hash function set H are present in the bloom filter BF. If there are 10 hash functions in the hash function set H, the hash function values of the receiver characteristic values are obtained by using the 10 hash functions, respectively, and when all 10 hash function values can be found in the bloom filter, the receiver characteristic value is considered to be present in the bloom filter, and the receiver characteristic is recorded as a matching value.
Detecting the number of the searched matching values, stopping searching if the receiver can detect t matching values of an appointed threshold, entering the step B2, and finishing the characteristic sequence F of the receiver if traversing r If t matching values cannot be retrieved, the key agreement is considered to be failed.
Step B2, the receiver obtains the polynomial value corresponding to each matching value from the data structure by reversing the process by which the sender stored the polynomial values in the data structure, and reconstructs the polynomial from the matching values and their polynomial values to solve the key to be negotiated. Preferably, the polynomial is reconstructed by Lagrange interpolation to solve the key K' to be negotiated. The specific process is as follows:
After obtaining the polynomial values corresponding to the matching values, the receiver first reconstructs the matched secret fragment sequence S', then reconstructs the polynomial from S' by Lagrange interpolation and thereby solves the key K' to be negotiated.
Further preferably, as shown in fig. 1, after receiving from the receiver the encrypted information encrypted with the solved key to be negotiated, the sender executes step A3: the sender verifies the key to be negotiated solved by the receiver, and if the verification passes, key negotiation is successful.
As shown in fig. 1, after the receiver solves the key K' to be negotiated, it uses K' to generate a hashed message authentication code HMAC(K', N_o | ID_s | ID_r) and sends it to the sender, where N_o is a string representing the current time, ID_s is the sender device ID, ID_r is the receiver device ID, and K' is the key to be negotiated solved by the receiver. If, on receiving the message authentication code, the sender can verify N_o | ID_s | ID_r with its own key K to be negotiated, the solved key K' is considered to have passed verification.
In this embodiment, the sender is preferably, but not limited to, a sender device in a body area network, such as a sensor, a gateway, a server, and the like, and the receiver is preferably, but not limited to, a receiver device in a body area network, such as a sensor, a gateway, a server, and the like.
In this embodiment, the sender characteristic sequence and the receiver characteristic sequence are preferably, but not limited to, physiological characteristic signal sequences acquired by sensors in a body area network, such as a heartbeat signal sequence or a blood pressure signal sequence.
In this embodiment, the key itself is shared directly, so the key is unrelated to the physiological data; the risk in this respect is reduced and security is further improved. In addition, a hash-table-like data structure is used, so the requirement that the physiological feature sequences be consistent in order is removed.
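The following Python walk-through is an added example, not code from the patent: it implements the sender steps A1 and A2, the receiver steps B1 and B2 and the HMAC check of step A3 with the page's parameters (BF size 433, q = 10, m = 512, the thirteenth Mersenne prime), and runs it on constructed feature sequences in which the receiver's sequence has an extra value inserted, as in the IPI example in the Background. The SHA-256 domain-tagged hash functions, the handling of colliding HT buckets and the integer feature encoding are my assumptions.

```python
import hashlib
import hmac
import secrets

P = (1 << 521) - 1   # 13th Mersenne prime, the page's choice for a 128-bit key
BF_SIZE = 433        # bloom filter size from the page's example
Q = 10               # number of hash functions in the agreed set H
M = 512              # HT address space, addresses 0..511 (at least 10 * n)
T = 4                # agreed threshold t (polynomial degree t - 1)

# Constructed sample data (not from the patent): nonzero feature values.
# The receiver's sequence has an extra value 0x099 inserted, mirroring the
# misaligned IPI sequences in the Background; index alignment is not needed.
SENDER_FEATS = [0x1A5, 0x2B7, 0x3C9, 0x0D2, 0x1EE, 0x2F1, 0x310, 0x05C]
RECEIVER_FEATS = [0x1A5, 0x2B7, 0x099, 0x3C9, 0x0D2, 0x1EE, 0x2F1, 0x310, 0x05C]


def h(idx, x):
    """idx-th hash function (assumed: SHA-256 with a domain tag); 0 is the HT hash h."""
    data = idx.to_bytes(2, "big") + int(x).to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def build_polynomial(key, features, t):
    """Step A11: f(x) = K + f1*x + ... + f_{t-1}*x^(t-1) mod P, first t-1 features as coefficients."""
    return [key % P] + [f % P for f in features[: t - 1]]


def poly_eval(coeffs, x):
    """Step A12: evaluate f(x) mod P by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def sender_prepare(key, features, t):
    """Steps A13-A15 and A2: build HT (polynomial values) and BF (features)."""
    coeffs = build_polynomial(key, features, t)
    ht = [[] for _ in range(M)]               # each bucket is an ordered list
    for f in features:
        ht[h(0, f) % M].append(poly_eval(coeffs, f))
    bf = [False] * BF_SIZE
    for f in features:
        for j in range(1, Q + 1):
            bf[h(j, f) % BF_SIZE] = True
    return bf, ht


def in_bloom(bf, x):
    """A value counts as present only if all Q hash positions are set."""
    return all(bf[h(j, x) % BF_SIZE] for j in range(1, Q + 1))


def lagrange_at_zero(points):
    """Step B2: reconstruct f(0) = K from t points (x_i, y_i) over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def receiver_recover(bf, ht, features, t):
    """Steps B1-B2: collect t matches, read their HT values, reconstruct K'; None on failure."""
    points, seen = [], set()
    for f in features:
        if f in seen or not in_bloom(bf, f):
            continue
        seen.add(f)
        bucket = ht[h(0, f) % M]
        if len(bucket) != 1:   # assumption: skip empty or colliding buckets
            continue
        points.append((f % P, bucket[0]))
        if len(points) == t:
            return lagrange_at_zero(points)
    return None


def confirm_tag(key, n_o, id_s, id_r):
    """Step A3: HMAC(K', N_o | ID_s | ID_r) keyed with the negotiated key."""
    msg = f"{n_o}|{id_s}|{id_r}".encode()
    return hmac.new(key.to_bytes(66, "big"), msg, hashlib.sha256).hexdigest()


def run_agreement(sender_feats, receiver_feats, t=T):
    """One full round. Returns (verification passed, K' equals K)."""
    key = secrets.randbits(128)
    bf, ht = sender_prepare(key, sender_feats, t)
    k_prime = receiver_recover(bf, ht, receiver_feats, t)
    if k_prime is None:
        return False, False
    ctx = ("2024-01-01T00:00:00", "sensor-A", "sensor-B")       # N_o, ID_s, ID_r
    tag = confirm_tag(k_prime, *ctx)                            # receiver's message
    passed = hmac.compare_digest(tag, confirm_tag(key, *ctx))   # sender's check with K
    return passed, k_prime == key


if __name__ == "__main__":
    print(run_agreement(SENDER_FEATS, RECEIVER_FEATS))          # (True, True)
    print(run_agreement(SENDER_FEATS, [0x1A5, 0x111, 0x222]))   # (False, False)
```

Only the bloom filter and HT cross the channel in plaintext; a feature value of zero must be excluded from the sequences, since f(0) is the key itself.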
Example 2
Based on the same inventive concept, this embodiment provides a sender device, which is preferably but not limited to a sensor, a gateway device or a server in a body area network, and which includes:
a bloom filter mapping module for mapping the sender features in the sender feature sequence into the bloom filter;
a data structure establishing module for constructing a secret fragment sequence and storing it in a hash-table-like data structure, where the secret fragment sequence comprises the sender features and the polynomial value corresponding to each sender feature, the polynomial values are obtained by polynomial calculation, and the polynomial is established, following the polynomial in Shamir secret sharing, from the key to be negotiated and a predetermined threshold;
a sending module for sending the bloom filter and the data structure to the receiver;
a receiving module for receiving encrypted information sent by the receiver and encrypted with the key to be negotiated that the receiver solved;
where the receiver solves the key to be negotiated as follows: the receiver retrieves from the receiver feature sequence an agreed threshold number of receiver features that are present in the bloom filter and records them as matching values; the receiver obtains the polynomial values corresponding to the matching values from the data structure and, based on the matching values and their polynomial values, reconstructs the polynomial to solve the key to be negotiated;
and a verification module for verifying the key to be negotiated solved by the receiver; if the verification passes, key negotiation is successful.
Example 3
Based on the same inventive concept, this embodiment provides a receiver device, which is preferably but not limited to a sensor, a gateway device or a server in a body area network, and which includes:
a receiving module for receiving the bloom filter and the data structure sent by the sender;
where all sender features in the sender feature sequence are mapped into the bloom filter;
and the data structure is established as follows: the sender constructs a secret fragment sequence and stores it in a hash-table-like data structure, where the secret fragment sequence comprises the sender features and the polynomial value corresponding to each sender feature, the polynomial values are obtained by polynomial calculation, and the polynomial is established, following the polynomial in Shamir secret sharing, from the key to be negotiated and a predetermined threshold;
a matching value searching module for retrieving from the receiver feature sequence an agreed threshold number of receiver features that are present in the bloom filter and recording them as matching values;
a key solving module for obtaining the polynomial values corresponding to the matching values from the data structure and reconstructing the polynomial, based on the matching values and their polynomial values, to solve the key to be negotiated;
and a sending module for sending to the sender encrypted information encrypted with the key to be negotiated.
Example 4
Based on the same inventive concept, this embodiment provides a secret-sharing-based body area network key agreement system comprising the sender device of Example 2 and the receiver device of Example 3, the sender device and the receiver device performing key agreement according to the method of Example 1.
In the description of the specification, reference to the description of "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" or the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.

Claims (10)

1. A secret sharing-based key agreement method for a body area network is characterized by comprising the following steps:
the sender maps the sender characteristics in the sender characteristic sequence into a bloom filter;
the sender constructs a secret fragment sequence and stores it in a hash-table-like data structure, wherein the secret fragment sequence comprises sender characteristics and the polynomial value corresponding to each sender characteristic, the polynomial value is obtained by evaluating a polynomial, and the polynomial is established with reference to the polynomial in Shamir secret sharing on the basis of a key to be negotiated and an agreed threshold;
the receiver retrieves from the receiver characteristic sequence the agreed threshold number of receiver characteristics that also exist in the bloom filter, and records them as matching values;
the receiver obtains from the data structure the polynomial values corresponding to the matching values, and reconstructs the polynomial from the matching values and their polynomial values to solve the key to be negotiated;
and the sender verifies the key to be negotiated as solved by the receiver; if the verification passes, the key negotiation succeeds.
2. The secret-sharing-based body area network key agreement method according to claim 1, wherein the step of the sender mapping the sender characteristics in the sender characteristic sequence into a bloom filter comprises:
agreeing on a set of hash functions, and mapping the sender characteristics in the sender characteristic sequence into the bloom filter one by one using the set of hash functions.
3. The secret-sharing-based body area network key agreement method of claim 1, wherein the polynomial established with reference to the polynomial in Shamir secret sharing on the basis of the key to be negotiated and the agreed threshold is:
[polynomial, given as an image in the original]
where k represents the sender's key to be negotiated; t represents the agreed threshold; x represents the characteristic variable substituted into the polynomial; and the remaining symbols in the image denote, in order, the first sender characteristic, the second sender characteristic, and so on up to the (t-1)th sender characteristic.
4. The secret-sharing-based key agreement method for a body area network according to claim 1, 2 or 3, wherein the step of the sender constructing a secret fragment sequence and storing it in a hash-table-like data structure comprises:
constructing the secret fragment sequence as [sequence, given as an image in the original], whose symbols denote, in order, the first sender characteristic, the polynomial value corresponding to the first sender characteristic, the nth sender characteristic, and the polynomial value corresponding to the nth sender characteristic, where n represents the number of sender characteristics in the sender characteristic sequence;
defining a hash-table-like data structure whose address space is m;
selecting a hash function h, and storing the polynomial value corresponding to the ith sender characteristic in the secret fragment sequence at the address [expression, given as an image in the original] of the data structure, where i = 1, 2, …, n, the hashed term in the address denotes the value obtained by processing the ith sender characteristic with the hash function h, and % denotes the modulo operation.
5. The secret sharing based body area network key agreement method of claim 4, wherein the number of buckets in the data structure is at least 10 times n.
6. The secret-sharing-based key agreement method for a body area network according to claim 1, 2, 3 or 4, wherein, in the step of the receiver retrieving from the receiver characteristic sequence the agreed threshold number of receiver characteristics that also exist in the bloom filter and recording them as matching values, if the number of matching values retrieved by the receiver is less than the agreed threshold, the key agreement is considered to have failed.
7. The secret sharing based body area network key agreement method of claim 6, further comprising:
after solving the key to be negotiated, the receiver generates the hash-based message authentication code HMAC(K', N_o | ID_s | ID_r) and sends it to the sender, where N_o denotes a string of the current time, ID_s denotes the sender device ID, ID_r denotes the receiver device ID, and K' denotes the key to be negotiated as solved by the receiver;
if the sender, upon receiving the hash-based message authentication code, can verify N_o | ID_s | ID_r with its own key to be negotiated K, the solved key to be negotiated K' is considered to have passed verification.
8. A sender device, comprising:
the bloom filter mapping module is used for mapping the sender features in the sender feature sequence to the bloom filter;
the data structure establishing module is used for constructing a secret fragment sequence and storing it in a hash-table-like data structure, wherein the secret fragment sequence comprises sender characteristics and the polynomial value corresponding to each sender characteristic, the polynomial value is obtained by evaluating a polynomial, and the polynomial is established with reference to the polynomial in Shamir secret sharing on the basis of a key to be negotiated and an agreed threshold;
a sending module for sending the bloom filter and the data structure to the receiver;
the receiving module is used for receiving, from the receiver, information encrypted with the key to be negotiated as solved by the receiver;
the key to be negotiated, as solved by the receiver, is obtained as follows: the receiver retrieves from the receiver characteristic sequence the agreed threshold number of receiver characteristics that also exist in the bloom filter, and records them as matching values; the receiver obtains from the data structure the polynomial values corresponding to the matching values, and reconstructs the polynomial from the matching values and their polynomial values to solve the key to be negotiated;
and the verification module is used for verifying the key to be negotiated as solved by the receiver; if the verification passes, the key negotiation succeeds.
9. A receiving device, comprising:
the receiving module is used for receiving the bloom filter and the data structure sent by the sender;
all sender characteristics in the sender characteristic sequence are mapped into the bloom filter;
the data structure is established as follows: the sender constructs a secret fragment sequence and stores it in a hash-table-like data structure, wherein the secret fragment sequence comprises sender characteristics and the polynomial value corresponding to each sender characteristic, the polynomial value is obtained by evaluating a polynomial, and the polynomial is established with reference to the polynomial in Shamir secret sharing on the basis of a key to be negotiated and an agreed threshold;
the matching value searching module is used for retrieving from the receiver characteristic sequence the agreed threshold number of receiver characteristics that also exist in the bloom filter, and recording them as matching values;
the key solving module is used for obtaining from the data structure the polynomial values corresponding to the matching values, and for solving the key to be negotiated by reconstructing the polynomial from the matching values and their polynomial values;
and the sending module is used for sending to the sender information encrypted with the solved key to be negotiated.
10. A secret sharing based key agreement system for a body area network, comprising a sender device according to claim 8 and a receiver device according to claim 9, the sender device and the receiver device performing key agreement according to the method of one of claims 1 to 7.
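Claims 1 to 7 worked end to end in Python, as an added example that is neither the patent's own code nor an implementation by its authors. It assumes integer-valued characteristics, a seeded SHA-256 for both the bloom filter's hash set and the table hash h, arithmetic in GF(2^127 - 1), and textbook Shamir with random non-constant coefficients (claim 3 instead takes those coefficients from sender characteristics); the feature sequences used to exercise it are constructed stand-ins for physiological measurements.

```python
import hashlib, hmac, secrets

P = 2**127 - 1  # prime field for the polynomial (a constructed choice; the patent fixes none)

def _h(feat: int, seed: int) -> int:
    """Seeded SHA-256 of an integer feature; used as the bloom hash set and as the table hash h."""
    return int.from_bytes(hashlib.sha256(bytes([seed]) + feat.to_bytes(16, "big")).digest(), "big")

class Bloom:
    """Bloom filter over feature values: k seeded hashes into m bits (claims 1 and 2)."""
    def __init__(self, m_bits: int = 4096, k: int = 4):
        self.m, self.k, self.bits = m_bits, k, bytearray(m_bits // 8)
    def _idx(self, feat: int) -> list:
        return [_h(feat, s) % self.m for s in range(self.k)]
    def add(self, feat: int) -> None:
        for i in self._idx(feat): self.bits[i >> 3] |= 1 << (i & 7)
    def __contains__(self, feat: int) -> bool:
        return all(self.bits[i >> 3] >> (i & 7) & 1 for i in self._idx(feat))

def poly(x: int, coeffs: list) -> int:
    """f(x) = k + a_1 x + ... + a_{t-1} x^(t-1) mod P, with coeffs[0] the key k."""
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

def sender_publish(features: list, key: int, t: int):
    """Claims 1-5: bloom filter of all n features, plus a hash table of m = 10n buckets holding
    the shards (feature, f(feature)) at address h(feature) % m; collisions are chained."""
    bf = Bloom()
    for f in features: bf.add(f)
    coeffs = [key] + [secrets.randbelow(P) for _ in range(t - 1)]  # textbook Shamir coefficients
    m, table = 10 * len(features), [[] for _ in range(10 * len(features))]
    for f in features: table[_h(f, 255) % m].append((f, poly(f, coeffs)))
    return bf, table

def receiver_solve(features: list, bf: Bloom, table: list, t: int):
    """Claims 1 and 6: take t own features the bloom filter reports as shared, fetch their shards
    from the table and interpolate f(0). Returns None when fewer than t shards are found."""
    m, shares = len(table), []
    for f in dict.fromkeys(features):           # de-duplicate; repeated x would break interpolation
        y = dict(table[_h(f, 255) % m]).get(f) if f in bf else None
        if y is not None: shares.append((f, y))  # a bloom false positive has no shard; skip it
        if len(shares) == t: break
    if len(shares) < t:
        return None                              # claim 6: below the threshold, agreement fails
    key = 0
    for i, (xi, yi) in enumerate(shares):        # Lagrange basis polynomials evaluated at x = 0
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j: num, den = num * -xj % P, den * (xi - xj) % P
        key = (key + yi * num * pow(den, -1, P)) % P
    return key

def hmac_tag(key: int, n_o: bytes, id_s: bytes, id_r: bytes) -> bytes:
    """Claim 7: receiver's HMAC(K', N_o | ID_s | ID_r), N_o being a string of the current time."""
    return hmac.new(key.to_bytes(16, "big"), n_o + id_s + id_r, "sha256").digest()

def sender_verify(key: int, tag: bytes, n_o: bytes, id_s: bytes, id_r: bytes) -> bool:
    """Claim 7: the sender recomputes the tag with its own K; a match means K' == K."""
    return hmac.compare_digest(tag, hmac_tag(key, n_o, id_s, id_r))
```

Because the table holds no shard for a characteristic the sender never had, a bloom false positive on the receiver side is caught at lookup instead of corrupting the interpolation.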
CN202211099981.0A 2022-09-09 2022-09-09 Body area network key negotiation method and system based on secret sharing Active CN115622693B (en)

Publications (2)

Publication Number Publication Date
CN115622693A true CN115622693A (en) 2023-01-17
CN115622693B CN115622693B (en) 2023-05-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant